WordPress 2.8.5 was released yesterday, which includes a fix for a denial-of-service (DoS) attack and a number of changes that removed code that could potentially be used to hack into WordPress. The denial-of-service attack utilizes specially crafted trackbacks that cause WordPress to use a significant amount of processing power when they are processed which could lead WordPress becoming unresponsive. The code removal changes were originally developed for the upcoming version 2.9 and were backported to improve security as soon as possible.
Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
- 44.7 Percent of Plugins in the WordPress.org Plugin Directory Haven’t Been Updated in Over Two Years
- CloudAccess.net Stores Non-Hashed FTP/SFTP/SSH Passwords
- Does the Vulnerability Fixed in WordPress 4.2.1 Also Impact WordPress 3.7, 3.8, and 3.9?
- InMotion Hosting Prominently Promoting Installation of EOL’d Joomla Version
- Most Website Hackers Are Not Sophisticated
Web Software Updates
WordPress VersionWe are running WordPress 4.2.2 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Did We Make a Mistake?While it seems to be acceptable for blogs discussing web security to contain numerous factual mistakes, we hold ourselves to a higher standard. We only write about things that we actually understand and only after we have double checked the information. So if you see a mistake in one of our posts please leave a comment on the post or contact us so that we can add a correction.